Vulnerability ID 4171

Apple Safari up to 5.0 buffer overflow

CVSSv3 Temp ScoreCurrent Exploit Price (≈)

A vulnerability has been found in Apple Safari up to 5.0 and classified as critical. Affected by this vulnerability is an unknown function. The manipulation with an unknown input leads to a buffer overflow vulnerability. As an impact it is known to affect confidentiality, integrity, and availability.

The weakness was released 07/22/2010 with Apple as HT4276 as confirmed advisory. The advisory is shared for download at This vulnerability is known as CVE-2010-1778 since 05/06/2010. The attack can be launched remotely. The exploitation doesn't need any form of authentication. The technical details are unknown and an exploit is not publicly available.

The vulnerability scanner Nessus provides a plugin with the ID 47888 (Safari < 5.0.1 Multiple Vulnerabilities), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Windows and running in the context local.

Upgrading eliminates this vulnerability. Applying a patch is able to eliminate this problem. The bugfix is ready for download at The best possible mitigation is suggested to be upgrading to the latest version. A possible mitigation has been published 6 days after the disclosure of the vulnerability. Furthermore it is possible to detect and prevent this kind of attack with TippingPoint and the filter 10064.

The vulnerability is also documented in the databases at SecurityFocus (BID 42020), Secunia (SA40664) and Vulnerability Center (SBV-26640). See 4317, 54197, 54198 and 54199 for similar entries.


Base Score: 7.3 [?]
Temp Score: 7.0 [?]
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C [?]
Reliability: High


Base Score: 6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P) [?]
Temp Score: 5.9 (CVSS2#E:ND/RL:OF/RC:C) [?]
Reliability: High




Class: Buffer overflow (CWE-79)
Local: No
Remote: Yes

Availability: No

Current Price Estimation: $25k-$50k (0-day) / $2k-$5k (Today)


Nessus ID: 47888
Nessus Name: Safari < 5.0.1 Multiple Vulnerabilities
Nessus File: macosx_Safari5_0_1.nasl
Nessus Family: Windows
Nessus Context: local
OpenVAS ID: 862241
OpenVAS Name: Fedora Update for qt FEDORA-2010-11011
OpenVAS File: gb_fedora_2010_11011_qt_fc13.nasl
OpenVAS Family: Fedora Local Security Checks


Recommended: Upgrade
Status: Official fix
Reaction Time: 6 days since reported
0-Day Time: 0 days since found
Exposure Time: 6 days since known

TippingPoint: 10064


05/06/2010 CVE assigned
07/22/2010 +77 days Advisory disclosed
07/28/2010 +6 days Countermeasure disclosed
07/28/2010 +0 days VulnerabilityCenter entry assigned
07/28/2010 +0 days Nessus plugin released
07/30/2010 +2 days NVD disclosed
08/02/2010 +3 days VulnerabilityCenter entry created
08/04/2010 +3 days OSVDB entry created
08/19/2010 +14 days VulDB entry created
02/24/2013 +920 days VulnerabilityCenter entry updated
07/08/2015 +864 days VulDB entry updated


Advisory: HT4276
Organization: Apple
Status: Confirmed

CVE: CVE-2010-1778 ( ( (

SecurityFocus: 42020
Secunia: 40664 - Apple Safari Multiple Vulnerabilities, Highly Critical
Vulnerability Center: 26640 - Apple Safari \x3C 5.0.1 Cross Site Scripting via an RSS Feed, Medium
OSVDB: 66844

See also: 4317, 54197, 54198, 54199, 54200, 54201, 54202, 54203, 54204, 54205, 54206, 54207, 54208, 54209


Created: 08/19/2010
Updated: 07/08/2015
Entry: 92.9% complete